Willkie Farr & Gallagher LLP and affiliates (“Willkie,” “we,” “our,” or “us”) is an international law firm, with offices located in the United States and the European Union (“EU”), and clients located throughout the world. In representing such clients, it may be necessary for the client to provide to Willkie information that is subject to data protection laws of the EU. Likewise, in performing normal human resources and business management operations for our offices in the EU, certain information transferred to the United States may be subject to data protection laws in the EU. This Privacy Shield Policy therefore applies to personal information transferred to the United States from the EU (referred to herein as “Personal Data”) to protect such data.
Willkie complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU and Switzerland to the United States respectively.
Willkie has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (including without limitation the principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement, and Liability). To learn more about the Privacy Shield Principles, the EU-U.S. or Swiss-U.S. Privacy Shield programs, and to view our certification page, please visit http://www.privacyshield.gov. The Federal Trade Commission (FTC) has jurisdiction over Willkie’s compliance with the Privacy Shield. With respect to human resources data received from EU member countries, Willkie commits to cooperate with the EU Data Protection Authorities in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities, and Willkie will comply with any advice given by such authorities.
How Does Willkie Handle Personal Data?
Willkie maintains the Personal Data it receives in secure on-line and off-line facilities. Such information is not disclosed except in limited circumstances when disclosure is necessary or advisable to protect the rights, safety or property of Willkie or others; to conform to legal or regulatory requirements; or as required to protect the legitimate interests of its clients relating to Willkie’s representation of such clients. Such data is not disclosed to third parties unless permitted under applicable law and only if the third party operates in accordance with Willkie’s strict data standards.
Willkie maintains strict security and confidentiality policies that govern all information any attorney or other personnel receives in the course of his or her employment or association with Willkie. All attorneys and personnel are made aware of and required to acknowledge their receipt and understanding of these policies. Failure to adhere to the privacy, security and confidentiality policies results in appropriate discipline.
Whose Personal Data is Covered?
The Personal Data transferred from the EU and covered by this Privacy Shield Policy concerns the following categories of persons:
- Employees, associates, and partners of Willkie;
- Willkie clients, including prospective and former clients and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Opponents, counterparties and prospective opponents and counterparties of clients and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Professional and personal contacts of Willkie partners, associates and other employees;
- Suppliers (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Advisors, consultants, witnesses, other professionals and professional experts (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Other persons involved in providing legal services; and
- Dependents, associates and correspondents of the above persons affected by the data transfer.
Why Does Willkie Transfer Data?
Willkie transfers Personal Data from the EU for the following purposes:
- To provide legal services (including (i) advice to, or acting on behalf of, clients and conducting litigation, arbitration, investigations and transactional matters; (ii) establishing data rooms relating to transactions or projects; (iii) conducting document reviews and any disclosure or related exercise in any litigation or any Government or regulatory exercise or internal investigation conducted by or on behalf of Willkie and its clients);
- To maintain records related to Willkie’s business activities, including but not limited to keeping records of transactions;
- Typical human resources and business management functions, including processing compensation and benefits data for employees and monitoring Willkie systems to ensure compliance with Willkie policies;
- Compliance with Willkie’s ethical, professional and legal obligations;
- Marketing of Willkie’s services and other client communications (including invitations to events and email alerts); and
- Storage, backup and administration of client files, HR data, and other data as described above.
What Data Does Willkie Transfer?
The Personal Data Willkie transfers may concern the following categories of data:
- Client’s personal and financial information;
- Employee personal and financial information;
- Details of client’s personnel and third parties who are business associates of Willkie’s clients, and details of those who correspond with those personnel;
- Emails and other communications with third parties;
- Contact details (e-mail address, fax and/or telephone numbers, mobile telephone number, business and/or residential address) of individuals involved in matters;
- Evidence or materials that may potentially contain evidence relating to an actual or potential dispute (including emails); and
- Due diligence information and information relating to actual or prospective business, company or asset acquisitions.
To Whom Does Willkie Disclose The Data?
The Personal Data transferred from the EU may be disclosed to the following recipients or categories of recipients:
- Willkie’s partners, associates and employees who need to have access to such information;
- Willkie’s data processors (including IT vendors, data center providers, document management and archiving contractors);
- The courts, governmental authorities and third parties where Willkie is required to disclose such information by law or court, governmental or other authorized order;
- Opponents and counterparties and their affiliated entities (and their counsel, advisers, consultants and other professional experts) where so instructed by its clients or where it is necessary or expedient to do so in order to carry out a client engagement;
- Law enforcement agencies and other governmental authorities where it is necessary to comply with Willkie’s understanding of its ethical and professional duties or to prevent physical harm or financial losses; and
- Partners, associates and staff of Willkie for business development, client relations and marketing purposes.
- In cases of onward transfer to third parties of Personal Data of EU individuals received under the EU-US Privacy Shield and the Swiss-U.S. Privacy Shield Framework, Willkie may potentially be held liable, as set out in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
How Can You Exercise Your Rights?
Persons to whom this Privacy Shield Policy applies may request confirmation regarding whether Willkie is processing their personal data, request access to their personal data, and/or request that Willkie correct, amend, or delete their personal data. They may also withdraw their consent for any processing at any time, or “opt out” from any future processing.
For the foregoing purposes and for other questions, comments, requests, or inquiries regarding the Processing of your personal information by Willkie, please contact us at:
|Willkie Farr & Gallagher LLP
787 Seventh Avenue
New York, NY 10019
Attn: Data Protection Officer
All such requests will be handled in accordance with the Privacy Shield Principles and applicable laws, including applicable data protection and privacy laws.
Willkie makes good faith efforts to comply with such requests, but there may be circumstances in which we are unable to provide access to such information, comply with a request to amend, correct, or delete such information, and/or limit the disclosure or use of such information, including but not limited to where complying with the request would: (i) violate a privilege or protection (such as the attorney-client privilege) under applicable law; (ii) compromise confidentiality obligations or the privacy, proprietary, or other legitimate rights of Willkie, its clients, or other third parties; (iii) involve a burden or expense that would be disproportionate to the risks to the individual’s privacy; or (iv) violate applicable rules of professional responsibility or other applicable laws. If we determine that any such requests cannot be complied with for such a reason or reasons, we will endeavor to provide you with an explanation of why that determination was made. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.
What Should You Do if You Have a Complaint?
Users are encouraged to contact us should there be a EU-U.S. Privacy Shield-related (or general privacy-related) complaint.
EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the UK Information Commissioner’s Office.
Willkie Farr & Gallagher has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.jamsadr.com for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Finally, under certain conditions, EU individuals may invoke binding arbitration before the Privacy Shield Panel.
Does Willkie Make Changes to This Privacy Shield Policy?
Willkie’s Privacy Shield Policy may be amended from time to time, consistent with applicable data protection laws, our legal obligations and professional duties, and applicable Privacy Shield Principles. Willkie will make available on its website any new version of this Privacy Shield Policy.